With ever-increasing cyber security threats and incidents of serious security breaches, it is important for businesses and organizations to protect sensitive data. Because such sensitive data is often stored on computers used within the organization and accessed from/stored on devices external to the organization's boundaries, ensuring that the data is secure in both can be problematic. In many industries such protection is also mandated by law and/or stringent compliance requirements. Encrypting data at rest (end-to-end) and maintaining an audit log of users accessing the secured data/systems are major components in many compliance requirements.
Full Disk Encryption (FDE) and Full Volume Encryption (FVE) are well-known technologies for securing data at rest on a computer's hard drives and partitions (i.e. volumes) in such a way that all stored data is always encrypted. There are many different ways to implement this type of encryption.
While forcing each user internally and externally to use the same computer operating system and same encryption mechanism is possible in theory, in practice it becomes very difficult, especially when operating systems, vendors, devices, types and versions vary.
Currently, compliance with policies is enforced mainly by requiring every user to fill out a survey in which they indicate whether they comply with the policy requirements. This approach is obviously insecure, and the survey can easily be filled out incorrectly, whether purposefully or accidentally.
Alternatively, compliance can be enforced within an organization by supplying devices with specific software, or by requiring the use of specific software or a specific module on all devices. However, this approach cannot verify compliance when different vendors, devices, and different solutions are used.
Alternatively, the business may simply permit users to bring their own devices (BYOD) without device management. However, this path requires giving up compliance requirements and decreasing the security of the network.